[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

[graphical gui] Whonix Setup Wizard / Anon Connection Wizard - Technical Discussion


#402

This is https://github.com/Whonix/whonixcheck/blob/master/usr/lib/whonixcheck/check_tor_config.bsh which is in essence running:

sudo --non-interactive -u debian-tor tor --verify-config
  • Could you please confirm that sudo --non-interactive -u debian-tor tor --verify-config will exit non-zero (1)? (echo $?)
  • Could you please confirm, that Tor is actually running? sudo systemctl status tor@default
  • And Tor is also functional, connectivity is working?

In that case, it looks like a bug in tor --verify-config.

Tor’s systemd unit /lib/systemd/system/tor@default.services used to run tor --verify-config, but apparently no longer doing so in Debian stretch.

It seems like tor --verify-config seems to report missing Tor .d config folder as an error while Tor itself does not. This I would consider a bug. If that is true, could you report a bug against Tor please?


#403

After running anon-connection-wizard, checked with
sudo --non-interactive -u debian-tor tor --verify-config; echo "exit code $?"

It returns exit 0.

Dec 31 17:00:30.156 [notice] Tor 0.3.1.9 (git-df96a13e9155c7bf) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.1.0f, Zlib 1.2.8, Liblzma 5.2.2, and Libzstd 1.1.2.
Dec 31 17:00:30.156 [notice] Tor can’t help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Dec 31 17:00:30.157 [notice] Read configuration file “/etc/tor/torrc”.
Configuration was valid
exit code 0

Restarting tor is OK, everything is functional, but whonixcheck is still complaining.

If we comment out the line %include /etc/tor/torrc.d in /etc/torrc, then whonixcheck runs without tor warning.


#404

Alright, so I think it’s an tor --verify-config bug.

Shall I disable this check in whonixcheck or we just make sure that folder exists in next upgrade (Whonix 14 of course, another iteration, package upgrade can be very soon).


#405

I think it would be better to create the folder in the, or a package instead of disabling the check, because other things might get wrong in /etc/tot/torrc, user tampering being one.


#406

Or may be not. whonixcheck is still complaining when /etc/torrc.d exists.


#407

apparmor is not allowing whonixcheck to read /etc/torrc.d. I’ll update the the profile.


#408

@iry

Hi @troubadour ! I know that Whonix has been using guimessage module to do the translation, but I just learned a more standard and widely used way to do this is using gettext. Do you know if there was any concern that makes us use guimessage instead of gettext?

No there was no concern about gettext. When we started to get rid of the hard coded messages in the scripts, we found that solution (the gui-message script was written by nrgaway).

Later, I have been in touch with the people at translatewiki. They told me that yaml files solution was not standard and that we would run into problems sooner or later. I do not remember the exact content of the conversation, but at the end they did recommend gettext. I had no time to dig into it.


#409

troubadour:

at the end they did recommend gettext. I had no time to dig into it.

Sounds great! Let’s use gettext for the Whonix applications for more
translatable form and less dependencies! :slight_smile:


#410

I got the complain again when the VM is started however when I tried the following command line, it seems there is nothing wrong with the Tor configuration.

user@host:~$ sudo --non-interactive -u debian-tor tor --verify-config
Jan 03 18:50:17.363 [notice] Tor 0.3.1.9 (git-df96a13e9155c7bf) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.1.0f, Zlib 1.2.8, Liblzma 5.2.2, and Libzstd 1.1.2.
Jan 03 18:50:17.363 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jan 03 18:50:17.363 [notice] Read configuration file "/etc/tor/torrc".
Configuration was valid
user@host:~$ echo $?
0
user@host:~$ sudo systemctl status tor@default
● tor@default.service - Anonymizing overlay network for TCP
   Loaded: loaded (/lib/systemd/system/tor@default.service; static; vendor preset: enabled)
  Drop-In: /lib/systemd/system/tor@default.service.d
           └─30_qubes.conf, 40_obfs4proxy-workaround.conf, 40_qubes.conf
   Active: active (running) since Wed 2018-01-03 18:49:16 UTC; 1min 29s ago
  Process: 961 ExecStartPre=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 --verify-config (
  Process: 929 ExecStartPre=/usr/bin/install -Z -m 02755 -o debian-tor -g debian-tor -d /var/run/tor (code=exited, status=0/SUCCESS)
 Main PID: 995 (tor)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/system-tor.slice/tor@default.service
           └─995 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0

#411

You probably have to re-run anon-connection-wizard.

The whonixcheck error pops because the line %include /etc/torrc.d exist in torrc, but /etc/torrc.d was lost on shutdown.

Wondering why /etc/tor/torrc is not reset too.


#412

Hi toubadour!

I used a standalone VM where everything is persistent. So I guess this is not the problem?

Because a rule has been added here to make it persistent in a TemplateBaed VM:


#413

Thanks. Still have to catch up.

Strange. If everything is persistent, it should work after installing the last patch to whonixcheck apparmor profile.


#414

About integration, done with whonix-repository-wizard in whonix-repository package.

https://github.com/troubadoour/whonix-repository/commit/b5353aeb391bad37a18a4b6a64b033e8ae8f23fc


#415

Because it’s part of bind-dirs.

https://www.qubes-os.org/doc/bind-dirs/

/etc/tor/torrc.d should not be directly part of bind-dirs. The full plan is here:

[graphical gui] Whonix Setup Wizard / Anon Connection Wizard - Technical Discussion


#416

Let’s keep the package https://github.com/Whonix/whonix-setup-wizard for future use:


#417

May I start to remove the disclaimer from whonix-setup-wizard now?


#418

iry:

May I start to remove the disclaimer from whonix-setup-wizard now?

Yes.


#419

Done, along with many other changes:

https://github.com/Whonix/whonix-setup-wizard/pull/3


#420

Cold you please also remove the now unused messages such as no_torrc since these were moved to anon-connection-wizard?


#421

https://github.com/troubadoour/whonix-repository/commit/b5353aeb391bad37a18a4b6a64b033e8ae8f23fc

Could you review and test please? @iry


Since whonix-repository-wizard gets merged into whonix-repository package, could you please also remove whonix-repository-wizard from whonix-setup-wizard?


qubes-whonix /usr/lib/qubes-whonix/qubes-whonixsetup still using whonix-setup-wizard quick
(https://github.com/Whonix/qubes-whonix/blob/master/usr/lib/qubes-whonix/qubes-whonixsetup)